
Question 1: 

Answer the following questions by clearly circling the most appropriate answer [ 1 point each ] 


1. Digital signatures provide the ability to authenticate message content but do not verify the author.

a. True

b. False

2. If a CA private key is used in signing a digital certificate, anyone with the CA public key can read and verify the certificate.

a. True

b. False


3. In public key cryptography, if A wants to send an encrypted confidential message to B

a. A encrypts message using his private key

b. A encrypts message using B's private key

c. A encrypts message using B's public key

d. A encrypts message using his public key


4. Which of the following is not an SSL protocol 

a. SSL handshake protocol 

b. SSL change cipher Spec protocol 

c. SSL record protocol 

d. session protocol



5. Message authentication does not deal with which of the following attacks 

a. Masquerade 

b. Timing modification 

c. Content modification 

d. Destination repudiation 

e. Disclosure of message contents

6. Which of the following is not one of the security capabilities provided by a digital signature.

a. it must verify the author of the signature

b. it must verify old or new message

c. it must authenticate the content

d. it must authenticate denying of creation


7. Distributing public keys through public announcement has major weakness, which

a. Forgery, anyone can create a key claiming to be someone else and broadcast it

b. Bribery, anyone can bribe to claim the key

c. Sorcery, use magic to guess the key

d. Memory, hard to remember the public key

e. None of the above

8. HTTPS refers to

a. The HTTP and SSL handshake that allows the server and client to authenticate each other and to negotiate encryption

b. The HTTP and SSL establishment of security capabilities by the client to initiate and establish capabilities

c. The combination of HTTP and SSL to implement secure communication between a web browser and a web server.

d. The HTTP-specific protocol to change of pending state to be copied into current state

9. Message Authentication Code (MAC) is a cryptographic checksum and is a ____ function.

a. One-to-one

b. One-to-many

d. Many-to-many

10. If the web security was implemented at the Network layer (Not Transport Layer) then we gain the following:

a. Security will be transparent to end users and applications.

b. Security is embedded in web browsers

c. Security is embedded within the particular application to the specific needs of that application.

d. No real security provided to higher layer protocols

Question 2:

1. In RSA key setup, assume p = 3, q = 11 and e = 7. Compute the public and private keys. [ 3 points ]






2. Suppose that Alice chooses for an RSA system the primes p = 23 and q = 41, and the public key e = 7. [ 3 points ]

(a) Write the equation to encrypt the plaintext M = 35.

(b) Write the equation to decrypt the ciphertext C = 545 with d = 503.

3. In RSA, why must the primes p, q not be easily derived from the modulus n = p.q? [ 2 points ]

4. Why was public-key cryptography developed? List two issues resolved by public key [ 2 points ]

Question 3:

1. Explain the following two hash function requirements: [ 2 points ]

■ Weak Collision resistant: For any given block x, it is computationally infeasible to find y 
with H(y) = H(x) 


Strong Collision resistant: It is computationally infeasible to find any pair (x,y) such 
that H(x) = H(y). 

[Figure: Public-key encryption: confidentiality, authentication, and signature]


2. The above diagram shows public key encryption is used. Answer the following questions:

i. Why does the encryption provide no confidence of sender? [ 3 points ]

ii. Can you detect corrupted messages?

No

iii. What is the main disadvantage of the above approach?


3. An adversary has a database that contains 2^70 different files. You have been signing your messages using a hash function that generates a 64-bit hash code and a secure private key. Are you safe? Explain why and propose a proper solution. [ 2 points ]

4. List two of the four phases of the SSL handshake protocol? [ 1 point ]

5. In SSL handshake protocol, the last phase sends finished_message from client to server. What is the main content and purpose of this message? [ 2 points ]

Question 4:

1. Define data integrity. [ 1 point ]

2. What is the birthday problem? [ 1 point ]

3. Define data origin authentication: [ 1 point ]

4. If we have a hash function, how do we construct a MAC from it? [ 1 point ]

5. Is digital signature the same as a MAC? [ 1 point ]

6. Is it better to compute MAC before or after message [...]? Why [ 1 point ]

7. A brute force attack on hash function depends solely on the length of hash code. A brute force attack on MAC depends on two factors? [ 2 points ]

8. What is the purpose of the dual signature in SET protocol? [ 2 points ]